Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, June 6, 2012 1:31 PM
Hello,
i have a working radius-configuration.
Hardware:
Server2008R2 (radius-server in MS-domain)
1 AP-point
Working Well!
When making a second accespoint available through WDS and authentication with radius we have a problem.
The 2nd accespoint will create an event in the eventlog of the server with the following details:
Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
Security ID: domain\user
Account Name: domain\user
Account Domain: domain
Fully Qualified Account Name: domain\user
Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
OS-Version: -
Called Station Identifier: 00-02-6F-9A-B3-4C
Calling Station Identifier: 00-02-6F-9A-B3-50
NAS:
NAS IPv4 Address: 10.31.10.125
NAS IPv6 Address: -
NAS Identifier: -
NAS Port-Type: Wireless - IEEE 802.11
NAS Port: 0
RADIUS Client:
Client Friendly Name: 10.31.10.125
Client IP Address: 10.31.10.125
Authentication Details:
Connection Request Policy Name: Secure Wireless Connections
Network Policy Name: -
Authentication Provider: Windows
Authentication Server: domain.local
Authentication Type: PEAP
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 300
Reason: No credentials are available in the security package
Howto fix this issue? we have tried many work-arrounds!
All replies (6)
Friday, June 15, 2012 2:34 AM ✅Answered
Hi,
Sorry for the delay.
And I have limited knowledge of this production. Given this situation, I would suggest you to contact the EnGenius support for the detailed step to deploy WDS with the RADIUS server if it’s supported. Your understanding is highly appreciated.
Best Regards,
Aiden
Aiden Cao
TechNet Community Support
Friday, June 15, 2012 7:16 PM ✅Answered
Hi there -
The reason code explanation in NPS documentation is "Authentication failed. The certificate is malformed and Extensible Authentication Protocl (EAP) cannot locate credential information in the certificate."
I think the problem here is that you need to connect the second AP to the wire. The AP must be configured as a RADIUS client in NPS so that the RADIUS protocol is used between the two, but your configuration makes that impossible because the AP is attempting to log on as an access client. If you connect the AP via Ethernet it should work fine, assuming that you have configured it with the same shared secret that you used to configure the RADIUS client in NPS.
Thanks -
James McIllece
Thursday, June 7, 2012 10:32 AM
somebody with a solution?
Monday, June 11, 2012 4:58 AM
Hi,
Thanks for your post.
You need to let us more information about your AP devices. I assume you deploy WDS AP in your environment. From the Cisco published document, the WDS AP must establish a relationship to an authentication server through authentication with a WDS user name and password. The authentication server can be either an external RADIUS server or the local RADIUS server feature in the WDS AP. Please double check whether you set the NPS server as the RADIUS server to enable authentication and accounting.
Wireless Domain Services Configuration
Wireless Domain Services AP as an AAA Server Configuration Example
As it is a question about the inter-operation between Windows NPS and Wireless device, please also contact the manufacturer support for further investigation. Thank you for your understanding.
Best Regards,
Aiden
Aiden Cao
TechNet Community Support
Tuesday, June 12, 2012 11:33 AM
We are using the following accespoints : EnGenius ECB-9500
We already use accouting and logs for troubleshooting.
The error about this topic "No credentials are available in the security package" is coming out of the log-files.
First Situation:
When we disable Radius and use WPA2 WDS is working well! When we enable Radius, radius is working well also.
Second Situation:
But...when we try to connect the 2nd accesspoint through Accespoint1 to the radius-server this error message occurs!
The setup is Like this : AP2 > AP1>Radius-server
We are using the same username/password as used on the first situation.
Somebody who knows a solution for this?
Wednesday, September 19, 2018 1:37 PM
The problem in my case was that I had imported the .crt certificate (without the private key) not the .p12